General Approach #8

Open
28 of 31 tasks
amphioxis opened this issue Feb 1, 2022 · 1 comment
amphioxis commented Feb 1, 2022

  • Read in requirements.txt
  • Send data to FASTEN (package name and version) using the /rcg endpoint
  • Check if a package is known by FASTEN
  • Create local Call Graphs for packages not known by FASTEN
    • Download the unknown packages
    • Unzip the downloaded packages
    • Create Call Graphs for unzipped packages
    • Delete packages after Call Graph generation
  • Receive for all packages known by the FASTEN database a Call Graph (created by FASTEN)
  • Receive vulnerability information for each package from FASTEN via the .../{pkg}/{pkg_ver}/vulnerabilities endpoint
    • Implementation of the .../{pkg}/{pkg_ver}/vulnerabilities endpoint
  • Create a Call Graph for the locally created package
    • Use pycg in the right way, so that the Call Graph has the right format
  • Stitch the Call Graphs together (locally)
  • Create Optimized Stitched Call Graph
    • Create adjacency list of Stitched Call Graph
    • Implement depth search algorithm
  • Find licenses
  • Analyze the project for vulnerability and license information
    • Implement Vulnerability Analyzer
    • Implement License Analyzer
  • Enrich the Stitched Call Graph with the metadata information received from FASTEN and the results of the analysis done locally
    • Get metadata for each callable from FASTEN
    • Enrich with metadata information for each callable received from FASTEN
      • Create a list of URIs inside the Optimized Stitched Call Graph
      • Compare this list with the URIs inside the callable json received from FASTEN
      • For each URI match, enrich the Optimized Stitched Call Graph if metadata information is available in the callable json
    • Enrich with license information
  • Analyze Enriched Call Graph
  • Write final report about analyzed project
@amphioxis amphioxis added the enhancement New feature or request label Feb 1, 2022
@amphioxis amphioxis self-assigned this Feb 1, 2022
@amphioxis amphioxis changed the title Improvements General Approach Feb 9, 2022
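
The adjacency-list and depth-search steps from the task list above, shown as an added example that is not part of the issue or the project's code. It assumes the stitched call graph is available as (caller, callee) pairs; the callable names, vulnerability ids and function names are constructed for illustration and do not follow the FASTEN URI or pycg output format.

```python
# Constructed sample: edges of a stitched call graph as (caller, callee) pairs.
EDGES = [
    ("app.main", "app.load_config"),
    ("app.load_config", "yamlish.parse"),
    ("yamlish.parse", "yamlish.construct"),
    ("yamlish.construct", "yamlish.parse"),    # recursion creates a cycle
    ("httpish.get", "httpish.verify_tls"),     # never called by the project
]

# Constructed sample: vulnerable callables mapped to placeholder ids.
VULNERABLE = {
    "yamlish.construct": "VULN-PLACEHOLDER-1",
    "httpish.verify_tls": "VULN-PLACEHOLDER-2",
}


def build_adjacency(edges):
    """Turn the edge list into {caller: [callees]}."""
    adjacency = {}
    for caller, callee in edges:
        adjacency.setdefault(caller, []).append(callee)
    return adjacency


def reachable_vulnerabilities(adjacency, entry_points, vulnerable):
    """Iterative depth-first search from the project's own callables.

    Returns {vulnerable_callable: call path from an entry point}, so the
    report can show how a vulnerable callable is reached, not only that
    a dependency containing it is installed.
    """
    findings = {}
    visited = set()
    stack = [(entry, [entry]) for entry in entry_points]
    while stack:
        node, path = stack.pop()
        if node in visited:        # also terminates the search on cycles
            continue
        visited.add(node)
        if node in vulnerable:
            findings[node] = path
        for callee in adjacency.get(node, ()):
            if callee not in visited:
                stack.append((callee, path + [callee]))
    return findings


if __name__ == "__main__":
    graph = build_adjacency(EDGES)
    for uri, path in reachable_vulnerabilities(graph, ["app.main"], VULNERABLE).items():
        print(VULNERABLE[uri], " -> ".join(path))
```

Only `yamlish.construct` is reported here: `httpish.verify_tls` is flagged as vulnerable but no path from the project's entry point reaches it.
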
gdrosos commented Mar 11, 2022

Hello @amphioxis, with the merge of https://github.com/fasten-project/fasten-docker-deployment/pull/28 all the python endpoints should be functional, enabling you to receive the rcgs and the information stored in the metadata db.

@amphioxis amphioxis pinned this issue Apr 11, 2022
@michelescarlato michelescarlato unpinned this issue May 27, 2022